The security fixes described below are available in AirPort Update
2006-001 and Security Update 2006-005. AirPort Update 2006-001
contains an additional non-security fix to address a reliability
issue that occurs on a limited number of MacBook Pro systems.

AirPort
CVE-ID: CVE-2006-3507
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS
X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause arbitrary
code execution
Description: Two separate stack buffer overflows exist in the
AirPort wireless driver's handling of malformed frames. An
attacker in local proximity may be able to trigger an overflow
by injecting a maliciously-crafted frame into a wireless
network. When the AirPort card is on, this could lead to arbitrary
code execution with system privileges. This issue affects Power
Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac
mini computers equipped with wireless. Intel-based Mac mini,
MacBook, and MacBook Pro computers are not affected. There is no
known exploit for this issue. This update addresses the issues
by performing additional validation of wireless frames.

AirPort
CVE-ID: CVE-2006-3508
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause system
crashes, privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort
wireless driver's handling of scan cache updates. An attacker in
local proximity may be able to trigger the overflow by injecting
a maliciously-crafted frame into the wireless network. This
could lead to a system crash, privilege elevation, or arbitrary
code execution with system privileges. This issue affects
Intel-based Mac mini, MacBook, and MacBook Pro computers
equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro,
Xserve, and PowerPC-based Mac mini computers are not affected.
This update addresses the issue by performing additional
validation of wireless frames. There is no known exploit for
this issue. This issue does not affect systems prior to Mac OS X
v10.4.

AirPort
CVE-ID: CVE-2006-3509
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Depending upon third-party wireless software in use,
attackers on the wireless network may cause crashes or arbitrary
code execution
Description: An integer overflow exists in the AirPort wireless
driver's API for third-party wireless software. This could lead
to a buffer overflow in such applications dependent upon API
usage. No applications are known to be affected at this time. If
an application is affected, then an attacker in local proximity
may be able to trigger an overflow by injecting a
maliciously-crafted frame into the wireless network. This may
cause crashes or lead to arbitrary code execution with the
privileges of the user running the application. This issue
affects Intel-based Mac mini, MacBook, and MacBook Pro computers
equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro,
Xserve, and PowerPC-based Mac mini computers are not affected.
This update addresses the issues by performing additional
validation of wireless frames. There is no known exploit for
this issue. This issue does not affect systems prior to Mac OS X
v10.4.

AirPort Update 2006-001 and Security Update 2006-005 may be obtained
from the Software Update pane in System Preferences, or Apple's
Software Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to
your system configuration. Only one is needed, either AirPort Update
2006-001 or Security Update 2006-005.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden